Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: nodejs/node
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v14.21.2
Choose a base ref
...
head repository: nodejs/node
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v14.21.3
Choose a head ref
  • 12 commits
  • 1,069 files changed
  • 5 contributors

Commits on Dec 13, 2022

  1. Working on v14.21.3 

    PR-URL: #45775
    @richardlau
    richardlau committed Dec 13, 2022
    Configuration menu
    Copy the full SHA
    1516019 View commit details
    Browse the repository at this point in the history

Commits on Dec 21, 2022

  1. doc: clarify release notes for Node.js 14.21.2 

    Refs: #45775
PR-URL: #45846
Refs: nodejs/nodejs.org#4972
Reviewed-By: Filip Skokan <panva.ip@gmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
    @richardlau
    richardlau committed Dec 21, 2022
    Configuration menu
    Copy the full SHA
    d73ea4d View commit details
    Browse the repository at this point in the history

Commits on Jan 22, 2023

  1. test: avoid left behind child processes 

    Extend the Linux logic to all POSIX platforms in
test-child-process-exec-abortcontroller-promisified.

PR-URL: #46276
Fixes: nodejs/build#3154
Refs: #37518
Reviewed-By: Moshe Atlow <moshe@atlow.co.il>
Reviewed-By: Beth Griggs <bethanyngriggs@gmail.com>
Reviewed-By: Ruy Adorno <ruyadorno@google.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: MichaΓ«l Zasso <targos@protonmail.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
    @richardlau
    richardlau committed Jan 22, 2023
    Configuration menu
    Copy the full SHA
    a5f8798 View commit details
    Browse the repository at this point in the history

Commits on Feb 8, 2023

  1. deps: upgrade npm to 6.14.18 

    PR-URL: #45936
Reviewed-By: Rafael Gonzaga <rafael.nunu@hotmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
    @ruyadorno @richardlau
    ruyadorno authored and richardlau committed Feb 8, 2023
    Configuration menu
    Copy the full SHA
    224e93c View commit details
    Browse the repository at this point in the history

Commits on Feb 13, 2023

  1. deps: upgrade openssl sources to 1.1.1t 

    This updates all sources in deps/openssl/openssl by:
    $ cd deps/openssl/
    $ rm -rf openssl
    $ tar zxf ~/tmp/openssl-1.1.1t.tar.gz
    $ mv openssl-1.1.1t openssl
    $ git add --all openssl
    $ git commit openssl

PR-URL: #46566
Refs: https://mta.openssl.org/pipermail/openssl-announce/2023-February/000251.html
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Beth Griggs <bethanyngriggs@gmail.com>
    @RafaelGSS @richardlau
    RafaelGSS authored and richardlau committed Feb 13, 2023
    Configuration menu
    Copy the full SHA
    8c11d17 View commit details
    Browse the repository at this point in the history

  2. deps: update archs files for OpenSSL-1.1.1t 

    After an OpenSSL source update, all the config files need to be
regenerated and committed by:
   $ make -C deps/openssl/config
   $ git add deps/openssl/config/archs
   $ git add deps/openssl/openssl/include/crypto/bn_conf.h
   $ git add deps/openssl/openssl/include/crypto/dso_conf.h
   $ git add deps/openssl/openssl/include/openssl/opensslconf.h
   $ git commit

PR-URL: #46566
Refs: https://mta.openssl.org/pipermail/openssl-announce/2023-February/000251.html
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Beth Griggs <bethanyngriggs@gmail.com>
    @RafaelGSS @richardlau
    RafaelGSS authored and richardlau committed Feb 13, 2023
    Configuration menu
    Copy the full SHA
    0d5f864 View commit details
    Browse the repository at this point in the history

  3. deps: cherry-pick Windows ARM64 fix for openssl 

    Original commit message:

    rsa: add msvc intrinsic for non x64 platforms

    _umul128() is x86_64 (x64) only, while __umulh() works everywhere, but
    doesn't generate optimal code on x64

PR-URL: #46566
Refs: openssl/openssl#20244
Refs: https://mta.openssl.org/pipermail/openssl-announce/2023-February/000251.html
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Beth Griggs <bethanyngriggs@gmail.com>
    @richardlau
    richardlau committed Feb 13, 2023
    Configuration menu
    Copy the full SHA
    9e62215 View commit details
    Browse the repository at this point in the history

Commits on Feb 14, 2023

  1. build: build ICU with ICU_NO_USER_DATA_OVERRIDE 

    CVE-ID: CVE-2023-23920
Backport-PR-URL: nodejs-private/node-private#377
PR-URL: nodejs-private/node-private#374
Refs: https://hackerone.com/bugs?subject=nodejs&report_id=1625036
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Michael Dawson <midawson@redhat.com>
    @RafaelGSS @richardlau
    RafaelGSS authored and richardlau committed Feb 14, 2023
    Configuration menu
    Copy the full SHA
    97a0443 View commit details
    Browse the repository at this point in the history

Commits on Feb 15, 2023

  1. module: protect against prototype mutation 

    Ensures that mutating the `Object` prototype does not influence the
parsing of `package.json` files.

Backport-PR-URL: nodejs-private/node-private#373
PR-URL: #44007
Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com>
    @aduh95 @richardlau
    aduh95 authored and richardlau committed Feb 15, 2023
    Configuration menu
    Copy the full SHA
    fa115ee View commit details
    Browse the repository at this point in the history

  2. policy: makeRequireFunction on mainModule.require 

    Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
Co-authored-by: Bradley Farias <bradley.meck@gmail.com>
Backport-PR-URL: nodejs-private/node-private#373
Refs: https://hackerone.com/bugs?subject=nodejs&report_id=1747642
CVE-ID: CVE-2023-23918
PR-URL: nodejs-private/node-private#358
Reviewed-by: Bradley Farias <bradley.meck@gmail.com>
Reviewed-by: Michael Dawson <midawson@redhat.com>
    @RafaelGSS @bmeck @richardlau
    2 people authored and richardlau committed Feb 15, 2023
    Configuration menu
    Copy the full SHA
    83975b7 View commit details
    Browse the repository at this point in the history

  3. lib: makeRequireFunction patch when experimental policy 

    Signed-off-by: RafaelGSS <rafael.nunu@hotmail.com>
Backport-PR-URL: nodejs-private/node-private#373
Refs: https://hackerone.com/bugs?subject=nodejs&report_id=1747642
CVE-ID: CVE-2023-23918
PR-URL: nodejs-private/node-private#358
Reviewed-by: Bradley Farias <bradley.meck@gmail.com>
Reviewed-by: Michael Dawson <midawson@redhat.com>
    @RafaelGSS @richardlau
    RafaelGSS authored and richardlau committed Feb 15, 2023
    Configuration menu
    Copy the full SHA
    f7892c1 View commit details
    Browse the repository at this point in the history

  4. 2023-02-16, Version 14.21.3 'Fermium' (LTS) 

    This is a security release.

Notable changes:

The following CVEs are fixed in this release:

* CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
* CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)

* OpenSSL 1.1.1t
* npm 6.14.18

PR-URL: nodejs-private/node-private#389
Refs: https://nodejs.org/en/blog/vulnerability/february-2023-security-releases
    @richardlau
    richardlau committed Feb 15, 2023
    Configuration menu
    Copy the full SHA
    edd64fe View commit details
    Browse the repository at this point in the history
Loading